The code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0

Code Review Guide (RC2) Completed

Code review tool

The following link is for the new version of Code Crawler,code review tool which examines code for keywords discussed in the section "First sweep of the code base"It has a new look and feel and also uses MS SQL Server express.

Owasp Orizon Code review engine

The Owasp Orizon Project is born in 2006 to provide a set of APIs to provide an opensource engine to provide static analysis services to developers that wants to build a code review tool.

The Owasp Orizon will evolve accordingly in order to implement security checks described in the Code Review Guide.
With the framework a UI is also provided in order to give people a standalone tool to realize code review for the security flaws listed in the "The Owasp Code Review Top 10 flaw categories"

Spring Of Code 2007

Project Contributors

The OWASP Code Review project was conceived by Eoin Keary the OWASP Ireland Founder and Chapter Lead.
We are actively seeking techies to add new sections as new web technologies emerge.
If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:eoin.keary@owasp.org

Volunteers Needed

Yes please, drop me a line.
Need help on this one, don't be shy, all help appreciated